Threat Watch

MongoDB Database Breach

A massive MongoDB database was found exposed, containing very detailed personal information on over 275 million Indian citizens. The exposed records included names, genders, dates of birth, email addresses, phone numbers, educational and professional information, and current salaries of the affected citizens. The data was hosted on servers with no encryption or password protection. Researchers were unable to determine who owned the leaky database. Shortly after the exposed database was found, a hacker group called “Unistellar” copied the database, deleted it and left a note stating “Restore? Contact: unistellar@hotmail[.]com.” Because the database had no protections in place, anyone could assume ownership of the data and set administrator privileges for themselves.


When setting up data storage systems, database users should ensure that complete encryption and password protection are in place. Databases should never be accessible to the public, only to intended users. Anyone affected by this or any breach should be aware that the exposed information could be used to assist an attacker in preparing a more detailed phishing campaign.